package org.opensaml.security.httpclient.impl;

import com.google.common.collect.Lists;
import java.io.File;
import java.net.URISyntaxException;
import java.security.KeyException;
import java.security.cert.CertificateException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.security.httpclient.HttpClientSecurityConfiguration;
import org.opensaml.security.httpclient.HttpClientSecurityConfigurationCriterion;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;
import org.opensaml.security.httpclient.TLSCriteriaSetCriterion;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.security.x509.X509Support;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/security/httpclient/impl/BasicHttpClientSecurityParametersResolverTest.class */
public class BasicHttpClientSecurityParametersResolverTest {
    private BasicHttpClientSecurityParametersResolver resolver;
    private X509Credential x509Credential1;
    private X509Credential x509Credential2;
    private X509Credential x509Credential3;

    /* loaded from: input_file:org/opensaml/security/httpclient/impl/BasicHttpClientSecurityParametersResolverTest$MockTrustEngine.class */
    public static class MockTrustEngine implements TrustEngine<X509Credential> {
        public boolean validate(X509Credential x509Credential, CriteriaSet criteriaSet) throws SecurityException {
            return false;
        }
    }

    @BeforeMethod
    protected void setUp() throws CertificateException, URISyntaxException, KeyException {
        this.resolver = new BasicHttpClientSecurityParametersResolver();
        this.x509Credential1 = CredentialSupport.getSimpleCredential(X509Support.decodeCertificate(new File(getClass().getResource("/data/certificate.pem").toURI())), KeySupport.decodePrivateKey(new File(getClass().getResource("/data/rsa-privkey-nopass.pem").toURI()), (char[]) null));
        this.x509Credential2 = CredentialSupport.getSimpleCredential(X509Support.decodeCertificate(new File(getClass().getResource("/data/certificate.pem").toURI())), KeySupport.decodePrivateKey(new File(getClass().getResource("/data/rsa-privkey-nopass.pem").toURI()), (char[]) null));
        this.x509Credential3 = CredentialSupport.getSimpleCredential(X509Support.decodeCertificate(new File(getClass().getResource("/data/certificate.pem").toURI())), KeySupport.decodePrivateKey(new File(getClass().getResource("/data/rsa-privkey-nopass.pem").toURI()), (char[]) null));
    }

    @Test
    public void testSingleConfigFullyPopulated() throws ResolverException {
        HttpClientSecurityParameters resolveSingle = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new HttpClientSecurityConfigurationCriterion(new HttpClientSecurityConfiguration[]{buildBaseConfiguration(this.x509Credential1)})}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertNull(resolveSingle.getAuthCache());
        Assert.assertNotNull(resolveSingle.getClientTLSCredential());
        Assert.assertNotNull(resolveSingle.getCredentialsProvider());
        Assert.assertNotNull(resolveSingle.getHostnameVerifier());
        Assert.assertNotNull(resolveSingle.getTLSCipherSuites());
        Assert.assertNull(resolveSingle.getTLSCriteriaSet());
        Assert.assertNotNull(resolveSingle.getTLSProtocols());
        Assert.assertNotNull(resolveSingle.getTLSTrustEngine());
        Assert.assertNotNull(resolveSingle.isServerTLSFailureFatal());
    }

    @Test
    public void testSingleConfigEmpty() throws ResolverException {
        HttpClientSecurityParameters resolveSingle = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new HttpClientSecurityConfigurationCriterion(new HttpClientSecurityConfiguration[]{new BasicHttpClientSecurityConfiguration()})}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertNull(resolveSingle.getAuthCache());
        Assert.assertNull(resolveSingle.getClientTLSCredential());
        Assert.assertNull(resolveSingle.getCredentialsProvider());
        Assert.assertNull(resolveSingle.getHostnameVerifier());
        Assert.assertNull(resolveSingle.getTLSCipherSuites());
        Assert.assertNull(resolveSingle.getTLSCriteriaSet());
        Assert.assertNull(resolveSingle.getTLSProtocols());
        Assert.assertNull(resolveSingle.getTLSTrustEngine());
        Assert.assertNull(resolveSingle.isServerTLSFailureFatal());
    }

    @Test
    public void testMultipleConfigsSimple() throws ResolverException {
        HttpClientSecurityParameters resolveSingle = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new HttpClientSecurityConfigurationCriterion(new HttpClientSecurityConfiguration[]{buildBaseConfiguration(this.x509Credential1), new BasicHttpClientSecurityConfiguration(), new BasicHttpClientSecurityConfiguration()})}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertNull(resolveSingle.getAuthCache());
        Assert.assertNotNull(resolveSingle.getClientTLSCredential());
        Assert.assertNotNull(resolveSingle.getCredentialsProvider());
        Assert.assertNotNull(resolveSingle.getHostnameVerifier());
        Assert.assertNotNull(resolveSingle.getTLSCipherSuites());
        Assert.assertNull(resolveSingle.getTLSCriteriaSet());
        Assert.assertNotNull(resolveSingle.getTLSProtocols());
        Assert.assertNotNull(resolveSingle.getTLSTrustEngine());
        Assert.assertNotNull(resolveSingle.isServerTLSFailureFatal());
        HttpClientSecurityParameters resolveSingle2 = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new HttpClientSecurityConfigurationCriterion(new HttpClientSecurityConfiguration[]{new BasicHttpClientSecurityConfiguration(), buildBaseConfiguration(this.x509Credential1), new BasicHttpClientSecurityConfiguration()})}));
        Assert.assertNotNull(resolveSingle2);
        Assert.assertNull(resolveSingle2.getAuthCache());
        Assert.assertNotNull(resolveSingle2.getClientTLSCredential());
        Assert.assertNotNull(resolveSingle2.getCredentialsProvider());
        Assert.assertNotNull(resolveSingle2.getHostnameVerifier());
        Assert.assertNotNull(resolveSingle2.getTLSCipherSuites());
        Assert.assertNull(resolveSingle2.getTLSCriteriaSet());
        Assert.assertNotNull(resolveSingle2.getTLSProtocols());
        Assert.assertNotNull(resolveSingle2.getTLSTrustEngine());
        Assert.assertNotNull(resolveSingle2.isServerTLSFailureFatal());
        HttpClientSecurityParameters resolveSingle3 = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new HttpClientSecurityConfigurationCriterion(new HttpClientSecurityConfiguration[]{new BasicHttpClientSecurityConfiguration(), new BasicHttpClientSecurityConfiguration(), buildBaseConfiguration(this.x509Credential1)})}));
        Assert.assertNotNull(resolveSingle3);
        Assert.assertNull(resolveSingle3.getAuthCache());
        Assert.assertNotNull(resolveSingle3.getClientTLSCredential());
        Assert.assertNotNull(resolveSingle3.getCredentialsProvider());
        Assert.assertNotNull(resolveSingle3.getHostnameVerifier());
        Assert.assertNotNull(resolveSingle3.getTLSCipherSuites());
        Assert.assertNull(resolveSingle3.getTLSCriteriaSet());
        Assert.assertNotNull(resolveSingle3.getTLSProtocols());
        Assert.assertNotNull(resolveSingle3.getTLSTrustEngine());
        Assert.assertNotNull(resolveSingle3.isServerTLSFailureFatal());
    }

    @Test
    public void testMultipleConfigsLayered() throws ResolverException {
        HttpClientSecurityConfiguration buildBaseConfiguration = buildBaseConfiguration(this.x509Credential1);
        HttpClientSecurityConfiguration buildBaseConfiguration2 = buildBaseConfiguration(this.x509Credential2);
        HttpClientSecurityConfiguration buildBaseConfiguration3 = buildBaseConfiguration(this.x509Credential3);
        HttpClientSecurityParameters resolveSingle = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new HttpClientSecurityConfigurationCriterion(new HttpClientSecurityConfiguration[]{buildBaseConfiguration, buildBaseConfiguration2, buildBaseConfiguration3})}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertNotNull(resolveSingle.getClientTLSCredential());
        Assert.assertSame(resolveSingle.getClientTLSCredential(), buildBaseConfiguration.getClientTLSCredential());
        buildBaseConfiguration.setClientTLSCredential((X509Credential) null);
        HttpClientSecurityParameters resolveSingle2 = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new HttpClientSecurityConfigurationCriterion(new HttpClientSecurityConfiguration[]{buildBaseConfiguration, buildBaseConfiguration2, buildBaseConfiguration3})}));
        Assert.assertNotNull(resolveSingle2);
        Assert.assertNotNull(resolveSingle2.getClientTLSCredential());
        Assert.assertSame(resolveSingle2.getClientTLSCredential(), buildBaseConfiguration2.getClientTLSCredential());
        buildBaseConfiguration2.setClientTLSCredential((X509Credential) null);
        HttpClientSecurityParameters resolveSingle3 = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new HttpClientSecurityConfigurationCriterion(new HttpClientSecurityConfiguration[]{buildBaseConfiguration, buildBaseConfiguration2, buildBaseConfiguration3})}));
        Assert.assertNotNull(resolveSingle3);
        Assert.assertNotNull(resolveSingle3.getClientTLSCredential());
        Assert.assertSame(resolveSingle3.getClientTLSCredential(), buildBaseConfiguration3.getClientTLSCredential());
    }

    @Test
    public void testTLSCriteriaSet() throws ResolverException {
        CriteriaSet criteriaSet = new CriteriaSet(new Criterion[]{new HttpClientSecurityConfigurationCriterion(new HttpClientSecurityConfiguration[]{new BasicHttpClientSecurityConfiguration()})});
        criteriaSet.add(new TLSCriteriaSetCriterion(new CriteriaSet()));
        HttpClientSecurityParameters resolveSingle = this.resolver.resolveSingle(criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertNotNull(resolveSingle.getTLSCriteriaSet());
    }

    private BasicHttpClientSecurityConfiguration buildBaseConfiguration(X509Credential x509Credential) {
        BasicHttpClientSecurityConfiguration basicHttpClientSecurityConfiguration = new BasicHttpClientSecurityConfiguration();
        basicHttpClientSecurityConfiguration.setClientTLSCredential(x509Credential);
        basicHttpClientSecurityConfiguration.setCredentialsProvider(new BasicCredentialsProvider());
        basicHttpClientSecurityConfiguration.setHostnameVerifier(new StrictHostnameVerifier());
        basicHttpClientSecurityConfiguration.setTLSCipherSuites(Lists.newArrayList(new String[]{"test"}));
        basicHttpClientSecurityConfiguration.setTLSProtocols(Lists.newArrayList(new String[]{"test"}));
        basicHttpClientSecurityConfiguration.setTLSTrustEngine(new MockTrustEngine());
        basicHttpClientSecurityConfiguration.setServerTLSFailureFatal(true);
        return basicHttpClientSecurityConfiguration;
    }
}
